First thing we both jumped on this morning was trying to connect the sdk, using some base functions to call the target to the computer using a bridge on OllyDbg.

Using the 64-bit version, IDA, we just disabled a bunch of debug mapping and socket etc., including the layers for sending files and returning a lot of nulls or 1 - 0 on / off settings, but we somehow stumbled on connecting the target to pc successfully, returning the error CE-4829D0-2 as it connected to target. But then this is the weird part: in the error report it would give us 5 different versions of firmware:

3.15, 3.50, 3.55, 4.00.1, 4.00. We both immediately thought we were somehow spoofing using some of the settings, and so, being curious, I changed the debug sockets to see the version output = 0, so I didn't understand anything we had changed.

We thought it was either just a glitch in the function or just a simple fluke, until I somehow went from 3.55 - 4.00 (blue cross can verify this). I had been on 3.55 for this whole testing, I hadn't updated yet, so therefore it was mind-boggling.

We both just thought, "well, we're running webkit rn, so let's try dumping the memory or even kernel? we already dumped the cpu from the sdk". Meanwhile, as we are talking, I'm changing 3 functions the registry to map the debug ports and the alternate packers / buff / sents / other settings inside the dx application of the sdk.

I kinda figured that since the system was on 3.55, which we both knew, that's just the sdk telling the system temporarily to spoof as 4.00, until I went into webkit: I found that when I clicked code execution it froze, so our thoughts were "we're not on 3.55 kernel??" The sdk, to my knowledge, just makes the whole thing connect / send files / update os / install os / run a bunch of tools / make games or send games to the console / or dev the behavior of the console and network.

So I mean it's kinda weird, unless it just updated on its own, but it's up to you to decide what happened. I'm afraid this was just a fluke?? Or I didn't pay attention. Anyway, we did see some sort of spoof, as I showed in a video before, and we did spoof more of the options and did get to see weird things happen as we were experimenting.

> here are the things we were able to do <

- connect the sdk to console (using an exploit found in the connect sent or disabling most of the debug+orbis map and sockets)
- some spoof, able to get into parties and send messages to friends all the way until you play a game or run the store (OrbisEmu)
- spoof kernel that's still either a question or answer (up for debate)

> things we could not do <
- install os
- send games to console
- enable debug settings
- send files to console
- unable to map hdd on the ps4
- although all the labels were clickable, we were unable to do anything other than get the connect to target to work

Now there is quite a bit more testing to do!

< like >

- we have to see if we can write a poker
- we have to see if we can use an invoker to poker
- we need to see if we can get a kernel dump (clean dump)
- we need to get a list of modules to peek into a setting, probably can just go onto the dev wiki
- we need to get a patch for the media exported elf from the hdd
- //build a structure that can make like a mini shell for ps4 (payload) >> not possible I guess? <<
- whether or not we can dump the eeprom
- section off sorts of functions or even disable certain ones to get certain ones to work
- map the hard drive of the ps4 somehow

There is a bunch, can't name all of them, but I have a bunch of ideas that we can test.
Hopefully you will be happy with the current results. I will be uploading the pictures as well.